The morning spam...

The morning spam... Oh, look what just showed up in my inbox! An email from someone I never heard of, promising me a payment if only I will paste a decryption key into the attached document and open it. Sure, that's plausible!

What's really going on, of course, is that opening that document will run some malicious code, in a document macro. Most likely it's going to try to exploit some Windows bug (and they sent it to me not knowing I have a Mac), but you never know, there might be a Mac bug to exploit too.

Do people actually fall for things like this? Unfortunately, yes – predominantly younger people (who believe themselves immortal or are just ignorant) and older people (who just don't understand the risk). Not long ago I read a study that showed about 4% of recipients actually opened things like this – even examples like this one that aren't well-targeted or particularly convincingly worded.

On a related subject, where I work they occasionally send emails to us in an attempt to trip us up. Of course nothing bad happens but the workforce gets just a little better at identifying threats. And the training that every new employee receives in this area is the best I've seen!